Very Cool jsunpack-n release: JavaScript Decoding on the Network (The Future)

[MysteryFCM]

Very Cool jsunpack-n release: JavaScript Decoding on the Network (The Future)
 
My favorite tools to decode JavaScript today are for security research and often have too little impact because administrators must find URLs, submit them for research, and it requires significant additional effort. There is no current way to detect threats against a real network using these tools in an automatic manner.

Until now! I started building a tool that is useful to administrators defending networks. The main difference is that it is a completely passive JavaScript decoder to perform Intrusion Detection, by processing network traffic (either an interface or pcap file), rather than URLs.

I built a basic implementation of this concept as a new version of "jsunpack-network" or (jsunpack-n). Some of the benefits of this technique are:

http://jsunpack.blogspot.com/2009/06/very-cool-javascript-decoding-on.html

[MysteryFCM]

http://jsunpack.blogspot.com/2009/06/jsunpack-n-updates-for-pdf-decoding.html

[SysAdMini]

Jsunpack-n update 0.3.2: Major Updates
http://jsunpack.blogspot.com/2010/04/jsunpack-n-update-032-major-updates.html